Ticket #47714 - [RFE] Update lastLoginTime also in Account Policy plugin if account lockout is based on passwordExpirationTime.

Description: Introducing a new attribute alwaysRecordLoginAttr to
Account Policy config entry (cn=config,cn=Account Policy Plugin,
cn=plugins,cn=config) to distinguish an attribute for checking the
account's activity (e.g., passwordExpirationTime) and an attribute
to be updated at the successful login (e.g., lastLoginTime).

https://fedorahosted.org/389/ticket/47714

Reviewed by [email protected] (Thanks, Mark!!)

ldap/servers/plugins/acctpolicy/acct_config.c

@@ -100,6 +100,15 @@ acct_policy_entry2config( Slapi_Entry *e, acctPluginCfg *newcfg ) {
                  slapi_ch_free_string( &newcfg->alt_state_attr_name ); /*none - NULL */
 	} /* else use configured value */
 
+	newcfg->always_record_login_attr = get_attr_string_val( e, CFG_RECORD_LOGIN_ATTR );
+	/* What user attribute will store the last login time 
+	 * of a user. If empty, should have the same value as 
+	 * stateattrname. default value: empty
+	 */
+	if( newcfg->always_record_login_attr == NULL ) {
+		newcfg->always_record_login_attr = slapi_ch_strdup( newcfg->state_attr_name );
+	}
+
 	newcfg->spec_attr_name = get_attr_string_val( e, CFG_SPEC_ATTR );
 	if( newcfg->spec_attr_name == NULL ) {
 		newcfg->spec_attr_name = slapi_ch_strdup( DEFAULT_SPEC_ATTR );
@@ -159,5 +168,6 @@ free_config()
 	slapi_ch_free_string(&globalcfg.alt_state_attr_name);
 	slapi_ch_free_string(&globalcfg.spec_attr_name);
 	slapi_ch_free_string(&globalcfg.limit_attr_name);
+	slapi_ch_free_string(&globalcfg.always_record_login_attr);
 }
 

ldap/servers/plugins/acctpolicy/acct_plugin.c

@@ -111,7 +111,7 @@ acct_record_login( const char *dn )
 	/* if we are not allowed to modify the state attr we're done
          * this could be intentional, so just return
          */
-	if (! update_is_allowed_attr(cfg->state_attr_name) )
+	if (! update_is_allowed_attr(cfg->always_record_login_attr) )
 		return rc;
  
 	plugin_id = get_identity();
@@ -124,7 +124,7 @@ acct_record_login( const char *dn )
 	vals [1] = NULL;
 
 	mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
-	mod.mod_type = cfg->state_attr_name;
+	mod.mod_type = cfg->always_record_login_attr;
 	mod.mod_bvalues = vals;
 
 	mods[0] = &mod;
@@ -142,13 +142,13 @@ acct_record_login( const char *dn )
 
 	if (ldrc != LDAP_SUCCESS) {
 		slapi_log_error( SLAPI_LOG_FATAL, POST_PLUGIN_NAME,
-			"Recording %s=%s failed on \"%s\" err=%d\n", cfg->state_attr_name,
+			"Recording %s=%s failed on \"%s\" err=%d\n", cfg->always_record_login_attr,
 			timestr, dn, ldrc );
 		rc = -1;
 		goto done;
 	} else {
 		slapi_log_error( SLAPI_LOG_PLUGIN, POST_PLUGIN_NAME,
-			"Recorded %s=%s on \"%s\"\n", cfg->state_attr_name, timestr, dn );
+			"Recorded %s=%s on \"%s\"\n", cfg->always_record_login_attr, timestr, dn );
 	}
 
 done:

ldap/servers/plugins/acctpolicy/acctpolicy.h

@@ -28,6 +28,7 @@ Hewlett-Packard Development Company, L.P.
 #define CFG_SPEC_ATTR "specAttrName"
 #define CFG_INACT_LIMIT_ATTR "limitAttrName"
 #define CFG_RECORD_LOGIN "alwaysRecordLogin"
+#define CFG_RECORD_LOGIN_ATTR "alwaysRecordLoginAttr"
 
 #define DEFAULT_LASTLOGIN_STATE_ATTR "lastLoginTime"
 #define DEFAULT_ALT_LASTLOGIN_STATE_ATTR "createTimestamp"
@@ -56,6 +57,7 @@ typedef struct acct_plugin_cfg {
 	char* spec_attr_name;
 	char* limit_attr_name;
 	int always_record_login;
+	char* always_record_login_attr;
 	unsigned long inactivitylimit;
 } acctPluginCfg;